[grsec] UML strange problem...

[pageexec at freemail.hu]

if this fails:

> ----[ chpax 0.7 : Current flags for linux (PeMRxS) ]----

and this works:

> ----[ chpax 0.7 : Current flags for linux (pemRxs) ]----

then probably 'linux' is linked in a special way that wants
to occupy parts of the address space that are not available
under SEGMEXEC (valgrind is another example of this), you
can verify that by 'readelf -l linux'.

furthermore, even if you disabled only SEGMEXEC, chances are
that UML is not written with PaX in mind therefore non-exec
pages would break it anyway, so you do need to disable all
of the non-exec pages related features.

> I find that the  approach to pax is difficult because the Documentation does
> not point out how to do the whole work... There are lots of tech docs but
> IMHO they are too long and do not cover basic tasks. I have tried to turn
> (by hand) my debian into hardened debian but i dod not manage to do it... I
> have read every docs on line (gentoo howto on hardening a system is the best
> one for me).
> Please note that this is only my opinion and that I appreciate all your
> work... 

it's ok and you're not the only one who's missing end-user level
docs, but... i have only so much time and motivation for this.
futhermore, i never intended PaX to be set up/tweaked by end-users,
there're just too many technical issues that one has to take care
of, it's really a distro job (e.g., removing nested functions, text
relocations from shared libraries, building position independent
executables, etc). so if possible you should be using distros that
are already PaX aware, Adamantix or Hardened Gentoo in particular.